Introduction 2019/2/6 IKEv2 compatible news came in at AWS with Site to Site VPN. AWS Site-to-Site VPN Now Supports IKEv2 https://aws.amazon.com/about-aws/whats-new/2019/02/aws-site-to-site-vpn-now-supports-ikev2/ The point when connecting Azure and AWS was that AWS only supported IKEv1.This time, it became possible to realize two-way connection by supporting IKEv2. However, there are notes.BGP can not be used (it may be possible depending on settings). The connection configuration diagram is as follows. The procedure is as follows.Azure side1, Create virtual network2, Create gateway subnet3, creation of public IP4, Create virtual network gateway AWS side5, creation of VPC6, Create subnet7, Create Internet gateway (optional)8, create the customer gateway statically9, Creating Virtual Private Gateway10, create a VPN connection statically11, download the configuration file Azure side12, Create a local network gateway13, Create connection AWS side14, add a virtual private gateway to the routing table optionAzure side15 Setting up two connections Below, we will explain in Step by Step. 1, Create virtual network Create virtual network.The segment on the Azure side is 10.0.0.0/16. 2, Create gateway subnet Create a gateway subnet.Open the subnet from the virtual network screen and click on the gateway subnet to create it. Create a subnet created in 1 with another CIDR. Confirm that it was created. 3, creation of public IP Create a public IP. 4, Create virtual network gateway Create a virtual network gateway. 5, creation of VPC Create VPC.The segment on the AWS side is 192.168.0.0/16. 6, Create subnet Create a subnet. 7, Create Internet gateway (optional) Create Internet gateway (optional). Attach the Internet gateway to the VPC. Specify the Internet gateway at 0.0.0.0/0 in the route table. 8, create the customer gateway statically Check the IP address from Azure’s virtual network gateway. Create the customer gateway statically. Enter the IP address confirmed in the previous section in the IP address. 9, Creating Virtual Private Gateway Create Virtual Private Gateway. 10, create a VPN connection statically Create a VPN connection statically. Add the subnet on the Azure side to the prefix. 11, download the configuration file Download the configuration file. It is Generic to choose. Check the following.IPSec Tunnel # 1Pre-Shared KeyOutside IP Addresses:-Virtual Private Gateway 12, Create a local network gateway Create a local network gateway.For the IP address, set the above-identified IP address (Virtual Private Gateway).In the address space, enter the VPC segment on the AWS side. 13, Create connection Add from virtual network gateway connection. Enter the confirmed common key (Pre-Shared Key). Confirm that it is connected. 14, add a virtual private gateway to the routing table Add a virtual private gateway to the routing table. 15 Setting up two connections Create a local network gateway separately.At this time, check the IPSec Tunnel # 2 of the downloaded file and enter it.After creation, specify the local network gateway you created and create a connection. By setting up two connections, communication continues even if one connection expires to some time signature. Communication confirmation Azure, AWS to confirm that you can communicate with each other. All of the work is completed with this. Throughput I roughly measured the throughput using iperf. Azure：Standard D2s v3 (2 vcpu、8 GB memory)AWS：m5.large (2 vcpu 、8 GB memory) Azure→AWS ------------------------------------------------------------Client connecting to 192.168.0.5, TCP port 5001TCP window size: 45.0 KByte (default)------------------------------------------------------------[  3] local 10.0.0.4 port 51160 connected with 192.168.0.5 port 5001[ ID] Interval       Transfer     Bandwidth[  3]  0.0-10.0 sec   659 MBytes   553 Mbits/sec AWS→Azure ------------------------------------------------------------Client connecting to 10.0.0.4, TCP port 5001TCP window size: 45.0 KByte (default)------------------------------------------------------------[  3] local 192.168.0.5 port 50116 connected with 10.0.0.4 port 5001[ ID] Interval       Transfer     Bandwidth[  3]  0.0-10.0 sec   759 MBytes   636 Mbits/sec I wonder if it is usually faster than a leased line service. Summary I was able to confirm that AWS can directly connect with Azure by supporting IKEv2.Until now, it was necessary to prepare a Windows server etc. to VPN Azure and AWS.There is no necessity of setting up a virtual machine by enabling VPN to be established only by the managed service,The need to manage has been reduced, so that we do not care about operation almost.I believe that Azure and AWS can be connected in a mutually managed environment so that it can be used for various purposes in the future.I think that Azure is good at Azure, AWS is good at using AWS, DR for use and I think that there are many useful values.In addition, multi cloud will proceed! ! I am very happy because it was a feature I wanted for years ago! Original Content (Japanese) : http://level69.net/archives/26362

Amazon

How to deployment Knative on Azure Kubernetes Service (AKS)

no cloud, no life?

Read My Stories

Too Long; Didn't Read

Make resilience your competitive advantage

How to VPN connect between Azure and AWS with Managed Services.

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

How to deployment Knative on Azure Kubernetes Service (AKS)

101 Stories To Learn About Cloud Infrastructure

10 Things in Engineering We Don't Spend Enough Time On

10 Things I Did To Increase CloudTrail Logs Security

10 reasons to give cloud computing a go

How to deployment Knative on Azure Kubernetes Service (AKS)

101 Stories To Learn About Cloud Infrastructure

10 Things in Engineering We Don't Spend Enough Time On

10 Things I Did To Increase CloudTrail Logs Security

10 reasons to give cloud computing a go

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps